Single sign-on (“SSO”) is a property of access management for multiple computer systems that are independent but related. Under SSO, once a user securely signs on to a central server, such as an SSO server, the user gains access to all computer systems (identified as “partner applications” or “partners” or “agents”) that have delegated their authentication functions to the server. This means that the user does not have to securely sign on to each partner.
For example, if a user tries to access a partner that has delegated its authentication function to an SSO server, the user is redirected to the SSO server, where the SSO server challenges the user for credentials, such as a user name and password. After verifying the user's credentials, the SSO server sets a session cookie and passes an authentication token to the partner. The partner then serves up the requested content. If the user tries to access a second partner that has also delegated its authentication function to the SSO server, the user is again redirected to the SSO server. However, this time, the SSO server does not challenge the user for credentials a second time. Instead, the SSO server uses the session cookie to validate the user's identity. Upon validating the identity of the user, the SSO server passes an authentication token to the second partner, and the second partner serves up the requested content. Thus, the user only needs to sign on to the SSO server one time.
In order to implement SSO, each partner that wishes to delegate its authentication functions is required to have previously registered with a central server, such as an SSO server. Registration is required, among other reasons, so that the central server can properly receive redirected requests and can properly send authentication tokens back to each partner. Partner registration processes are discussed below in greater detail.
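The redirect flow and the registration requirement described above can be modeled in a few lines of Python; this is an added sketch, not part of the original text. The class and function names, the HMAC-signed `partner|user|tag` token format, the per-partner key issued at registration, the exact-match return URL check, and the sample users and URLs are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class SSOServer:
    def __init__(self, users):
        # Constructed sample data; a real server stores salted password hashes.
        self.users = users      # user name -> password
        self.partners = {}      # partner_id -> (registered return URL, signing key)
        self.sessions = {}      # session cookie -> user name

    def register_partner(self, partner_id, return_url):
        """Registration: record where tokens may be sent and issue a shared key."""
        key = secrets.token_bytes(32)
        self.partners[partner_id] = (return_url, key)
        return key

    def handle_redirect(self, partner_id, return_url, cookie=None, credentials=None):
        """Handle a request redirected from a partner; returns (status, cookie, token)."""
        registered = self.partners.get(partner_id)
        if registered is None or registered[0] != return_url:
            return ("rejected", None, None)   # unregistered partner or return URL
        user = self.sessions.get(cookie)
        if user is None:                      # no valid session cookie: challenge
            if credentials is None:
                return ("challenge", None, None)
            name, password = credentials
            stored = self.users.get(name)
            if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
                return ("challenge", None, None)
            user = name
            cookie = secrets.token_urlsafe(32)
            self.sessions[cookie] = user      # the session cookie set after sign-on
        payload = f"{partner_id}|{user}"
        tag = hmac.new(registered[1], payload.encode(), hashlib.sha256).hexdigest()
        return ("ok", cookie, f"{payload}|{tag}")

def partner_verify(partner_id, key, token):
    """Partner side: return the user name if the token was issued for this partner."""
    try:
        audience, user, tag = token.split("|")
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(key, f"{audience}|{user}".encode(), hashlib.sha256).hexdigest()
    if audience != partner_id or not hmac.compare_digest(expected, tag):
        return None
    return user
```

Binding each token to the partner it was issued for means a token passed to one partner is not accepted by another, and the registration lookup means the server never sends a token to a return URL it has not recorded.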